My latest security schemees that I’ve mapped the Samba guest user to a new user “samba_guest”. I’ve made nobody the owner of public shares. I’ve removed the allow settings for the “nobody” user. I then enable everyone to read:
owner@:————–:——:deny
group@:-w-p———-:——:deny
group@:r-x———–:——:allow
everyone@:—-Dd-A-W-Co-:f—–:deny
everyone@:rwxp–a-R-c–s:-d—-:allow
Note that I’ve set up Samba with the ZFS ACL module. For each share, I’ve added the following entries:
vfs objects = zfsacl
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
Post a Comment